Analysis Task

Analysis type | VM label | Start time | End time | Duration
File (Windows) | win7-sp1-x64-shaapp02-1 | 2021-01-29 11:37:24 | 2021-01-29 11:37:25 | 1 second

Maldun Score

1.4

Normal

File Details

File name csrss.exe
File size 2940928 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 0c14e2ac894ffbf885e6632ca8b7759b
SHA1 5b02514e7772887c06838b68b314028434a4d5de
SHA256 857b5928584cc560f20e7ef00620b55e86588d4371baec3b1c69825a97ed0d4d
SHA512 0981d7d07a04e9f8d4d01133c92a630f0ab6e23a94bef5dc15aee9dc9686364469cfa0639320c0b1b387bbc58ffb72417206504a00cb02ef354fec45a177d4bf
CRC32 0317F69A
Ssdeep 49152:RlkPCC+vNu8VxxlG4iKYDyj3tqxjhAWTAj/FiLquGC5yf:11VxxlG4iKYDyEZhAWUrUL36

Screenshots

No screenshots available.

Hosts Contacted

No host records.

DNS Resolution

No domain information.



PE Information

Image base 0x00400000
Entry point 0x004b5cca
Declared checksum 0x00000000
Actual checksum 0x002d1011
Minimum OS version required 4.0
Compile time 2021-01-29 11:35:55
Import hash 6f8a753b08d855a1cdddadda97fb6047

PE Sections

Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy
.text 0x00001000 0x000d5452 0x000d6000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.62
.rdata 0x000d7000 0x001c7766 0x001c8000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6.76
.data 0x0029f000 0x00069aaa 0x00022000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.92
.rsrc 0x00309000 0x0000c8e0 0x0000d000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.38

Imports

Library: WINMM.dll:
0x4d76e0 midiStreamOut
0x4d76f0 waveOutWrite
0x4d76f4 waveOutPause
0x4d76f8 waveOutReset
0x4d76fc waveOutClose
0x4d7700 waveOutGetNumDevs
0x4d7704 midiStreamStop
0x4d7708 midiOutReset
0x4d770c midiStreamClose
0x4d7710 midiStreamRestart
0x4d7714 waveOutOpen
0x4d771c midiStreamOpen
0x4d7720 midiStreamProperty
0x4d7724 waveOutRestart
Library: WS2_32.dll:
0x4d773c WSACleanup
0x4d7740 inet_ntoa
0x4d7744 closesocket
0x4d7748 getpeername
0x4d774c accept
0x4d7750 ntohl
0x4d7754 WSAAsyncSelect
0x4d7758 recvfrom
0x4d775c ioctlsocket
0x4d7760 recv
Library: KERNEL32.dll:
0x4d71a0 GetVersion
0x4d71a4 IsDBCSLeadByte
0x4d71a8 lstrcmpA
0x4d71ac lstrcmpiA
0x4d71b0 lstrcpynA
0x4d71bc GetFileType
0x4d71c0 DuplicateHandle
0x4d71c8 GetLocalTime
0x4d71d0 CreateMutexA
0x4d71d4 ReleaseMutex
0x4d71d8 SuspendThread
0x4d71e4 GetSystemInfo
0x4d71f0 GetACP
0x4d71f4 HeapSize
0x4d71f8 RaiseException
0x4d71fc GetSystemTime
0x4d7200 RtlUnwind
0x4d7204 GetStartupInfoA
0x4d7208 GetOEMCP
0x4d720c GetCPInfo
0x4d7210 GetProcessVersion
0x4d7214 SetErrorMode
0x4d7218 GlobalFlags
0x4d721c GetCurrentThread
0x4d7220 GetFileTime
0x4d7224 TlsGetValue
0x4d7228 LocalReAlloc
0x4d722c TlsSetValue
0x4d7230 TlsFree
0x4d7234 GlobalHandle
0x4d7238 TlsAlloc
0x4d723c LocalAlloc
0x4d7240 GlobalGetAtomNameA
0x4d7244 GlobalAddAtomA
0x4d7248 GlobalFindAtomA
0x4d724c GlobalDeleteAtom
0x4d7250 SetEndOfFile
0x4d7254 UnlockFile
0x4d7258 LockFile
0x4d725c FlushFileBuffers
0x4d7260 LocalFree
0x4d7268 SetLastError
0x4d726c TerminateProcess
0x4d7270 GetFileSize
0x4d7274 SetFilePointer
0x4d7278 WideCharToMultiByte
0x4d727c MultiByteToWideChar
0x4d7280 GetCurrentProcess
0x4d7288 GetSystemDirectoryA
0x4d728c TerminateThread
0x4d7290 CreateSemaphoreA
0x4d7294 ResumeThread
0x4d7298 ReleaseSemaphore
0x4d72a4 GetProfileStringA
0x4d72a8 WriteFile
0x4d72ac ReadFile
0x4d72b4 CreateFileA
0x4d72b8 SetEvent
0x4d72bc FindResourceA
0x4d72c0 LoadResource
0x4d72c4 LockResource
0x4d72c8 lstrlenW
0x4d72cc GetModuleFileNameA
0x4d72d0 GetCurrentThreadId
0x4d72d4 ExitProcess
0x4d72d8 GlobalSize
0x4d72dc GlobalFree
0x4d72e4 InterlockedExchange
0x4d72ec lstrcatA
0x4d72f0 lstrlenA
0x4d72f4 WinExec
0x4d72f8 lstrcpyA
0x4d72fc FindNextFileA
0x4d7300 GlobalReAlloc
0x4d7304 HeapFree
0x4d7308 HeapReAlloc
0x4d730c GetProcessHeap
0x4d7310 HeapAlloc
0x4d7314 GetUserDefaultLCID
0x4d7318 GetFullPathNameA
0x4d731c FreeLibrary
0x4d7320 LoadLibraryA
0x4d7324 GetLastError
0x4d7328 GetVersionExA
0x4d7330 CreateThread
0x4d7334 CreateEventA
0x4d7338 Sleep
0x4d7340 GlobalAlloc
0x4d7344 GlobalLock
0x4d7348 GlobalUnlock
0x4d734c GetTempPathA
0x4d7350 FindFirstFileA
0x4d7354 FindClose
0x4d7358 SetFileAttributesA
0x4d735c GetFileAttributesA
0x4d7360 MoveFileA
0x4d7364 DeleteFileA
0x4d7368 CreateDirectoryA
0x4d7378 GetModuleHandleA
0x4d737c GetProcAddress
0x4d7380 MulDiv
0x4d7384 GetCommandLineA
0x4d7388 GetTickCount
0x4d738c CreateProcessA
0x4d7390 WaitForSingleObject
0x4d7394 CloseHandle
0x4d73a8 SetHandleCount
0x4d73ac GetStdHandle
0x4d73b4 HeapDestroy
0x4d73b8 HeapCreate
0x4d73bc VirtualFree
0x4d73c4 LCMapStringA
0x4d73c8 LCMapStringW
0x4d73cc VirtualAlloc
0x4d73d0 IsBadWritePtr
0x4d73d8 GetStringTypeA
0x4d73dc GetStringTypeW
0x4d73e0 CompareStringA
0x4d73e4 CompareStringW
0x4d73e8 IsBadReadPtr
0x4d73ec IsBadCodePtr
0x4d73f0 SetStdHandle
0x4d73f4 SetFileTime
Library: USER32.dll:
0x4d7468 GetWindow
0x4d746c GetActiveWindow
0x4d7470 SetFocus
0x4d7474 IsIconic
0x4d7478 PeekMessageA
0x4d747c SetMenu
0x4d7480 GetMenu
0x4d7484 DeleteMenu
0x4d7488 GetSystemMenu
0x4d748c DefWindowProcA
0x4d7490 GetClassInfoA
0x4d7494 IsZoomed
0x4d7498 PostQuitMessage
0x4d74a4 SetWindowRgn
0x4d74a8 GetMessagePos
0x4d74ac ScreenToClient
0x4d74b4 CopyRect
0x4d74b8 LoadBitmapA
0x4d74bc WinHelpA
0x4d74c0 LoadImageA
0x4d74c8 ClientToScreen
0x4d74cc EnableMenuItem
0x4d74d0 GetSubMenu
0x4d74d4 GetDlgCtrlID
0x4d74d8 CreateMenu
0x4d74dc ModifyMenuA
0x4d74e0 AppendMenuA
0x4d74e4 CreatePopupMenu
0x4d74e8 DrawIconEx
0x4d74f8 SetRectEmpty
0x4d74fc DispatchMessageA
0x4d7500 UnregisterClassA
0x4d7504 GetMessageA
0x4d7508 WindowFromPoint
0x4d750c DrawFocusRect
0x4d7510 DrawEdge
0x4d7514 DrawFrameControl
0x4d7518 KillTimer
0x4d751c SetTimer
0x4d7520 ReleaseCapture
0x4d7524 GetCapture
0x4d7528 SetCapture
0x4d752c GetScrollRange
0x4d7530 SetScrollRange
0x4d7534 SetScrollPos
0x4d7538 SetRect
0x4d753c InflateRect
0x4d7540 IntersectRect
0x4d7544 DestroyIcon
0x4d7548 PtInRect
0x4d754c OffsetRect
0x4d7550 IsWindowVisible
0x4d7554 EnableWindow
0x4d7558 RedrawWindow
0x4d755c GetKeyState
0x4d7560 SetWindowLongA
0x4d7564 GetSysColor
0x4d7568 SetActiveWindow
0x4d756c SetCursorPos
0x4d7570 LoadCursorA
0x4d7574 SetCursor
0x4d7578 GetSysColorBrush
0x4d757c LoadStringA
0x4d7580 GetDC
0x4d7584 FillRect
0x4d7588 IsRectEmpty
0x4d758c ReleaseDC
0x4d7590 IsChild
0x4d7594 DestroyMenu
0x4d7598 SetForegroundWindow
0x4d759c GetWindowRect
0x4d75a0 EqualRect
0x4d75a4 UpdateWindow
0x4d75a8 ValidateRect
0x4d75ac InvalidateRect
0x4d75b0 GetClientRect
0x4d75b4 GetFocus
0x4d75b8 GetParent
0x4d75bc GetTopWindow
0x4d75c0 PostMessageA
0x4d75c4 IsWindow
0x4d75c8 SetParent
0x4d75cc DestroyCursor
0x4d75d0 SendMessageA
0x4d75d4 SetWindowPos
0x4d75d8 MessageBoxA
0x4d75dc GetCursorPos
0x4d75e0 GetSystemMetrics
0x4d75e4 EmptyClipboard
0x4d75e8 SetClipboardData
0x4d75ec OpenClipboard
0x4d75f0 GetClipboardData
0x4d75f4 CloseClipboard
0x4d75f8 wsprintfA
0x4d75fc WaitForInputIdle
0x4d7600 LoadIconA
0x4d7604 TranslateMessage
0x4d7608 GetForegroundWindow
0x4d760c GetDesktopWindow
0x4d7610 GetClassNameA
0x4d7614 GetDlgItem
0x4d7618 GetWindowTextA
0x4d761c CharUpperA
0x4d7620 CallWindowProcA
0x4d7624 CreateWindowExA
0x4d7628 RegisterHotKey
0x4d762c UnregisterHotKey
0x4d7634 IsWindowEnabled
0x4d7638 ShowWindow
0x4d763c GetWindowLongA
0x4d764c GetWindowDC
0x4d7650 BeginPaint
0x4d7654 EndPaint
0x4d7658 TabbedTextOutA
0x4d765c DrawTextA
0x4d7660 GrayStringA
0x4d7664 DestroyWindow
0x4d766c EndDialog
0x4d7670 GetNextDlgTabItem
0x4d7674 GetWindowPlacement
0x4d767c GetLastActivePopup
0x4d7680 GetMessageTime
0x4d7684 RemovePropA
0x4d7688 GetPropA
0x4d768c UnhookWindowsHookEx
0x4d7690 SetPropA
0x4d7694 GetClassLongA
0x4d7698 CallNextHookEx
0x4d769c SetWindowsHookExA
0x4d76a0 GetMenuItemID
0x4d76a4 GetMenuItemCount
0x4d76a8 RegisterClassA
0x4d76ac GetScrollPos
0x4d76b0 AdjustWindowRectEx
0x4d76b4 MapWindowPoints
0x4d76b8 SendDlgItemMessageA
0x4d76bc ScrollWindowEx
0x4d76c0 IsDialogMessageA
0x4d76c4 SetWindowTextA
0x4d76c8 MoveWindow
0x4d76cc CheckMenuItem
0x4d76d0 SetMenuItemBitmaps
0x4d76d4 GetMenuState
Library: GDI32.dll:
0x4d704c ExtSelectClipRgn
0x4d7050 LineTo
0x4d7054 CreateCompatibleDC
0x4d7058 Ellipse
0x4d705c Rectangle
0x4d7060 LPtoDP
0x4d7064 DPtoLP
0x4d7068 GetCurrentObject
0x4d706c RoundRect
0x4d7074 GetDeviceCaps
0x4d7078 StretchBlt
0x4d707c CreatePalette
0x4d7084 CreateDIBitmap
0x4d7088 DeleteObject
0x4d708c SelectClipRgn
0x4d7090 GetClipRgn
0x4d7094 SetStretchBltMode
0x4d709c SetBkColor
0x4d70a0 CreateFontA
0x4d70a8 MoveToEx
0x4d70ac ExcludeClipRect
0x4d70b0 GetClipBox
0x4d70b4 ScaleWindowExtEx
0x4d70b8 SetWindowExtEx
0x4d70bc SetWindowOrgEx
0x4d70c0 ScaleViewportExtEx
0x4d70c4 SetViewportExtEx
0x4d70c8 OffsetViewportOrgEx
0x4d70cc GetViewportExtEx
0x4d70d0 PtVisible
0x4d70d4 RectVisible
0x4d70d8 TextOutA
0x4d70dc ExtTextOutA
0x4d70e0 Escape
0x4d70e4 GetTextMetricsA
0x4d70e8 BitBlt
0x4d70ec StartPage
0x4d70f0 StartDocA
0x4d70f4 DeleteDC
0x4d70f8 EndDoc
0x4d70fc EndPage
0x4d7100 GetObjectA
0x4d7104 GetStockObject
0x4d7108 CreateFontIndirectA
0x4d710c CreateSolidBrush
0x4d7110 FillRgn
0x4d7114 CreateRectRgn
0x4d7118 CombineRgn
0x4d711c PatBlt
0x4d7120 CreatePen
0x4d7124 SetViewportOrgEx
0x4d7128 SetMapMode
0x4d712c SetTextColor
0x4d7130 SetROP2
0x4d7134 SetPolyFillMode
0x4d7138 SetBkMode
0x4d713c RestoreDC
0x4d7140 SaveDC
0x4d7144 SelectObject
0x4d7148 CreateBitmap
0x4d714c CreateDCA
0x4d7154 GetPolyFillMode
0x4d7158 GetStretchBltMode
0x4d715c GetROP2
0x4d7160 GetBkColor
0x4d7164 SelectPalette
0x4d7168 GetTextColor
0x4d716c CreateRoundRectRgn
0x4d7170 CreateEllipticRgn
0x4d7174 PathToRegion
0x4d7178 EndPath
0x4d717c BeginPath
0x4d7180 GetWindowOrgEx
0x4d7184 GetViewportOrgEx
0x4d7188 GetWindowExtEx
0x4d718c GetDIBits
0x4d7190 CreatePolygonRgn
0x4d7194 GetBkMode
0x4d7198 RealizePalette
Library: WINSPOOL.DRV:
0x4d772c OpenPrinterA
0x4d7730 DocumentPropertiesA
0x4d7734 ClosePrinter
Library: ADVAPI32.dll:
0x4d7000 RegQueryValueExA
0x4d7004 RegOpenKeyExA
0x4d7008 RegSetValueExA
0x4d700c RegQueryValueA
0x4d7010 RegCreateKeyExA
0x4d7014 RegOpenKeyA
0x4d7018 RegCloseKey
Library: SHELL32.dll:
0x4d744c Shell_NotifyIconA
0x4d7450 DragQueryFileA
0x4d7454 DragFinish
0x4d7458 DragAcceptFiles
0x4d745c ShellExecuteA
Library: ole32.dll:
0x4d777c CLSIDFromProgID
0x4d7780 OleRun
0x4d7784 CoCreateInstance
0x4d7788 CLSIDFromString
0x4d778c OleUninitialize
0x4d7790 OleInitialize
Library: OLEAUT32.dll:
0x4d73fc LoadTypeLib
0x4d7400 UnRegisterTypeLib
0x4d7404 LHashValOfNameSys
0x4d7408 RegisterTypeLib
0x4d740c SafeArrayPutElement
0x4d7410 SafeArrayCreate
0x4d7414 SafeArrayDestroy
0x4d7418 SysAllocString
0x4d741c VariantInit
0x4d7420 VariantCopyInd
0x4d7424 SafeArrayGetElement
0x4d7428 SafeArrayAccessData
0x4d7430 SafeArrayGetDim
0x4d7434 SafeArrayGetLBound
0x4d7438 SafeArrayGetUBound
0x4d743c VariantChangeType
0x4d7440 VariantClear
0x4d7444 VariantCopy
Library: COMCTL32.dll:
0x4d7020 ImageList_Add
0x4d7024 ImageList_BeginDrag
0x4d7028 ImageList_Create
0x4d702c ImageList_Destroy
0x4d7030 ImageList_DragEnter
0x4d7034 ImageList_DragLeave
0x4d7038 ImageList_DragMove
0x4d7040 ImageList_EndDrag
0x4d7044 None
Library: comdlg32.dll:
0x4d7768 ChooseColorA
0x4d776c GetFileTitleA
0x4d7770 GetSaveFileNameA
0x4d7774 GetOpenFileNameA

Strings

.text
`.rdata
@.data
.rsrc
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
3hyug
3hVxg

Antivirus

No antivirus engine scan information!

TCP

No TCP connection records.

UDP

No UDP connection records.

HTTP Requests

No HTTP requests found.

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results.

Network Alerts

No alerts.

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
Sorry! No files were dropped.
No similar analyses found.

Processing ( 9.907 seconds )

  • 6.962 Static
  • 1.794 VirusTotal
  • 0.758 TargetInfo
  • 0.357 peid
  • 0.013 AnalysisInfo
  • 0.012 Strings
  • 0.007 config_decoder
  • 0.002 BehaviorAnalysis
  • 0.002 Memory

Signatures ( 0.082 seconds )

  • 0.012 antiav_detectreg
  • 0.01 md_domain_bl
  • 0.01 md_url_bl
  • 0.005 anomaly_persistence_autorun
  • 0.005 antiav_detectfile
  • 0.005 infostealer_ftp
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_im
  • 0.002 tinba_behavior
  • 0.002 antianalysis_detectreg
  • 0.002 antivm_vbox_files
  • 0.002 geodo_banking_trojan
  • 0.002 disables_browser_warn
  • 0.002 infostealer_mail
  • 0.001 rat_nanocore
  • 0.001 betabot_behavior
  • 0.001 cerber_behavior
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop

Reporting ( 0.587 seconds )

  • 0.498 ReportHTMLSummary
  • 0.089 Malheur
Task ID 616552
Mongo ID 60138304dc327b57a9e2106e
Cuckoo release 1.4-Maldun